Access your Jelastic Cloud via SSH

June 26, 2014

Earlier this month we announced the release of Jelastic version 2.2, which brings you many new features and functions. One of the additions is the ability to access your containers via SSH. Today, we’d like to provide a general overview of this feature and its usage in Jelastic’s Cloud.

 

Overview

SSH (Secure Shell) is a protocol used to connect securely to a remote container and execute the required commands on it. SSH sessions are encrypted: the client/server connection is authenticated using a digital certificate, and passwords are protected by encryption.

To make SSH access available in Jelastic, a new infrastructure component was added to the core: the SSH Gateway. The SSH Gateway accepts users’ connections from the internet and then transmits these connections to the desired container, using an internal network.


The authentication procedure in Jelastic's SSH Gateway is divided into two independent parts:

  • connection from end user to Gateway (external authentication)
  • connection from Gateway to users’ container (internal authentication)

Both parts of the authentication procedure are based on a standard SSH protocol, using public/private keypairs.

With Jelastic SSH Gateway, you can easily access:

  • the whole account where you can navigate across your environments and containers using an interactive menu without extra authentication
  • separate containers directly while working with them remotely via additional tools (e.g. Capistrano) or using SFTP and FISH protocols

While accessing containers via SSH, a user receives all required permissions and additionally can manage the main services with sudo commands of the following kind (and others):

sudo /etc/init.d/jetty start
sudo /etc/init.d/mysql stop
sudo /etc/init.d/tomcat restart
sudo /etc/init.d/memcached status
sudo /etc/init.d/mongod reload
sudo /etc/init.d/nginx upgrade
sudo /etc/init.d/httpd help

Note: if you deploy any application, change the configurations or add any extra functionality via SSH to your Jelastic environment, this will not be displayed at the Jelastic dashboard.

In addition, we provide support for SFTP (Secure File Transfer Protocol) by implementing a threaded daemon that processes SFTP connections. It lets you access, manage and transfer files directly to the container via the SSH gateway, and in this way ensures data security.

An additional secure network protocol is FISH (Files transferred over Shell protocol). It is supported by a number of popular FTP-clients and file managers (e.g. Midnight Commander, Konqueror, lftp, Krusader, etc) and permits a user to securely access and manage a container’s file system.

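Below we’ll describe how to generate an SSH key, add it to your Jelastic account, access the account via SSH, and connect directly to a container.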

 

Generate SSH Key

The steps of SSH key generation depend on the system you use:

 

For Linux/MacOS

Generate a new SSH key (dsa or rsa type) using the ssh-keygen tool:

1. Initiate generation with the following command:

$ ssh-keygen -t dsa

2. Navigate to the id_dsa.pub file to get the key:

~ $ cd ~/.ssh
~/.ssh $ ls
id_dsa       id_dsa.pub   known_hosts
~/.ssh $ cat id_dsa.pub

3. Copy the generated SSH key.

Note: in the above example, we generated a dsa SSH key. You can also use an rsa key. To generate it, follow the same steps, but specify rsa instead of dsa.
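A pre-paste check for step 3, as an added example that is not part of the original article: the function below confirms that the file you are about to copy holds a single-line public key of the rsa or dsa type used here, and not the private half of the pair. The name check_pubkey is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): verify that a file holds
# exactly one OpenSSH public key line before pasting it into the dashboard.
# check_pubkey is a hypothetical helper name.

check_pubkey() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # A private key file carries a PEM-style header; never paste that.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "$file is a PRIVATE key; use the .pub file instead" >&2
        return 3
    fi

    # A public key file is one line: "<type> <base64> [comment]".
    lines=$(grep -c . "$file" || true)
    [ "$lines" -eq 1 ] || { echo "expected 1 key line, found $lines" >&2; return 4; }

    read -r ktype blob comment < "$file" || true
    case $ktype in
        # The two types named in the article. OpenSSH 7.0 and later
        # disable ssh-dss by default, so rsa is the safer pick.
        ssh-rsa|ssh-dss) ;;
        *) echo "unexpected key type: $ktype" >&2; return 5 ;;
    esac

    # The key body must be non-empty base64.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 6 ;;
    esac

    echo "$ktype key OK (comment: ${comment:-none})"
}

# Run as: sh check_pubkey.sh ~/.ssh/id_rsa.pub
if [ $# -gt 0 ]; then
    check_pubkey "$1"
fi
```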

 

For Windows

1. Download and run an SSH keygen tool, for example, PuTTYgen.

2. Specify the following parameters:

  • choose SSH-2 RSA or SSH-2 DSA key type
  • enter the desired number of bits (e.g. 2048)

Click Generate.

3. Copy the generated key from the output field at the top of the window.

 

Add SSH Key

Now, you can add the generated SSH key to your Jelastic account.

1. Open the Jelastic dashboard and navigate to the upper toolbar. Click the Settings button.

2. In the opened Account settings tab, navigate to the SSH Access option.

3. Click the Add SSH Key button and paste the previously generated key into the Key field. The Title field will be automatically populated if your key already contains this value. Click Add Key.

4. As a result, the added SSH key will appear in the list.

In this way, you can add several keys or delete any if they are unnecessary.

Note: the added SSH key is attached to your whole account, not just to a separate environment.

 

SSH Access to a Jelastic Account

Now let’s see how you can access your Jelastic account with all of its environments and containers via SSH.

Open the Jelastic dashboard and navigate to the upper toolbar. Click the Settings button. In the opened Account settings tab, navigate to the SSH Access option.

Click the link in the note to open your SSH gateway. As a result, you’ll access Shell Handler via console automatically.

Or, just copy the given command line and run it via your console (SSH client).

The further steps of SSH access to the account depend on the system you use:

 

For Linux/MacOS

1. Open your terminal and enter the SSH connection string from the Settings > SSH Access tab at the dashboard.

Note: all the commands should be executed as the same local machine user that you used for SSH key pair generation, in order to avoid permission/connection errors.

2. You will see a list of environments available for your account. Please select the required environment by entering its list number.

Note: you can only access running environments.

3. After that, you’ll see a full list of containers provisioned for the chosen environment.

Beside each container, its node ID and LAN IP address are stated. To access the container, enter its list number.

4. Now, using shell assistance, you can proceed to setting the required configs.

Shell access comes with the risk of accidentally damaging your application, so please pay special attention to the actions you perform here.

 

For Windows

To establish the SSH connection for Windows OS, you need to have a private key on your local machine which corresponds to the public one, previously added to the Jelastic dashboard. Therefore, perform the following steps:

1. Save a private version of your SSH key (we use PuTTY tools as an example).

2. Download and run the PuTTY SSH agent (named Pageant). In the opened window, click the Add key button and navigate to your local file with the private SSH key.

3. Then you can click the Close button. Pageant will be minimized to the tray. DO NOT exit this tool until your SSH session is closed, otherwise the connection will be lost.

4. Download and run your SSH client (PuTTY as an example). Navigate to the Session tab in the left-hand list.

5. Fill in the Host Name (or IP address) field with your SSH connection string, which can be seen in the Settings > SSH Access tab at the dashboard. Also specify 3022 as the Port number.

Select the Open button.

6. You'll be shown the console with a list of environments available for your account. The further steps are the same as for Linux/MacOS/FreeBSD OS.

 

Direct SSH Access to the Container

You can also "jump" directly to the necessary container, skipping the steps of choosing an appropriate environment and node.

To perform this, you need to know the required container ID. It can be retrieved using the previously described method of SSH access with the interactive menu. There, you can see a list of all available containers and their ID numbers (the nodeid value).

Use the nodeid value of the required container in the command of the following type:

ssh {nodeid}-{uid}@{SSH_gateway} -p 3022

{uid} and {SSH_gateway} values are presented in the Jelastic dashboard (Settings > SSH Access).

For example, in order to access a MySQL-5.5.34 container through the gateway we use in this instruction, we need to enter the following command:

ssh 6481-97@gate.jelastic.com -p 3022

This option can be useful while working with tools for deployment and setting up configurations at the remote container, such as Capistrano.
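To avoid retyping the direct-access string in every tool, it can be stored as an ssh_config Host entry. The function below is an added example, not part of the original article: it builds such an entry from the nodeid, uid and gateway values and rejects malformed input. The function name, the alias jelastic-mysql and the key path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): build an ssh_config(5) Host
# entry for direct container access through the gateway on port 3022.
# gateway_host_entry and the alias naming are hypothetical.

gateway_host_entry() {
    name=$1; nodeid=$2; uid=$3; gateway=$4; keyfile=$5

    # nodeid and uid are numeric in the article's example (6481-97).
    case $nodeid in ''|*[!0-9]*) echo "nodeid must be numeric" >&2; return 1 ;; esac
    case $uid    in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1 ;; esac

    # Accept only a plain DNS name, so a value beginning with "-" can
    # never be read by ssh as a command-line option.
    case $gateway in
        ''|-*|*[!A-Za-z0-9.-]*) echo "bad gateway name" >&2; return 1 ;;
    esac
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "bad alias" >&2; return 1 ;;
    esac
    [ -n "$keyfile" ] || { echo "key file path required" >&2; return 1; }

    # IdentitiesOnly makes ssh offer only the named key to the gateway.
    cat <<EOF
Host $name
    HostName $gateway
    Port 3022
    User ${nodeid}-${uid}
    IdentityFile $keyfile
    IdentitiesOnly yes
EOF
}

# Values from the article's MySQL example; the key path is an assumption.
gateway_host_entry jelastic-mysql 6481 97 gate.jelastic.com '~/.ssh/id_rsa'
```

Append the printed entry to ~/.ssh/config; after that, ssh jelastic-mysql and sftp jelastic-mysql connect through the gateway to that container.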

 

Conclusion

We hope that this information will be useful for those of you who would like to delve deeper into the advanced features of Jelastic’s system. More details can be found in our additional documentation. In our next publication, we will provide you with details on SFTP and FISH protocols for accessing containers via SSH. Stay tuned and remember that with Jelastic you always get more!